Ben Edmunds' Ion Auth library for CodeIgniter is awesome. It is full-featured and secure, but in my opinion the documentation is lacking in providing a real-world tutorial on how to effectively use it to provide a secure, protected area of your website which requires a successful login to access. This post will ignore the fact that to truly have a secure login system for your CodeIgniter website, you should be securing your web server with an SSL Certificate.
I prefer to keep my CodeIgniter controllers DRY. To do so, we will borrow some code from Phil Sturgeon so that we can create a hierarchy of controller inheritance, e.g. Secure_Controller extends MY_Controller, which in turn extends CI_Controller.
Step 1: Install Ion Auth
Install and configure Ion Auth according to the instructions.
Step 2: Modify your config.php file
Add the following code to the end of your config.php file, typically located at /application/config/config.php. Basically, this code tells CodeIgniter that if the controller we are trying to load does not begin with CI_, it should look for and load the file from the /application/core directory.
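```php
/*
| -------------------------------------------------------------------
|  Native Auto-load
| -------------------------------------------------------------------
|
| Nothing to do with config/autoload.php, this allows PHP autoload to work
| for base controllers and some third-party libraries.
|
*/
// spl_autoload_register() is used because __autoload() was removed in PHP 8.
spl_autoload_register(function ($class) {
    // Leave CodeIgniter's own CI_ classes alone; look for everything else in application/core.
    if (strpos($class, 'CI_') !== 0) {
        // '.php' is written out because the EXT constant is not defined in CodeIgniter 3.
        $file = APPPATH . 'core/' . $class . '.php';
        if (is_file($file)) {
            include_once $file;
        }
    }
});
```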
Step 3: Create your hierarchy of controllers
I prefer to use MY_Controller to add global functions to all of my controllers. For instance, I typically add an is_post() function to MY_Controller to keep the business logic in the rest of my controllers concise. We will additionally create a Secure_Controller class. Effectively this means that any controller in your application that extends Secure_Controller will require a valid login.
```php
class MY_Controller extends CI_Controller {

    // TRUE when the current request was made with the POST method.
    public function is_post()
    {
        return $_SERVER['REQUEST_METHOD'] === 'POST';
    }
}
```
```php
class Secure_Controller extends MY_Controller {

    function __construct()
    {
        parent::__construct();

        // Make sure Ion Auth and the URL helper are available even if they are not autoloaded.
        $this->load->library('ion_auth');
        $this->load->helper('url');

        //
        // Require members to be logged in. If not logged in, redirect to the Ion Auth login page.
        //
        if ( ! $this->ion_auth->logged_in())
        {
            redirect(base_url() . 'auth/login');
        }
    }
}
```
Conclusion
So what does this Secure_Controller do? Any controller that extends Secure_Controller will invoke Secure_Controller’s constructor. The constructor checks with the Ion Auth library to see if a session variable exists for the current user, indicating a successful login. If that session variable does exist, your controller which extends Secure_Controller continues execution. If that session variable does not exist, the Secure_Controller will redirect the user to the Ion Auth login page.
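PHP never calls a parent constructor implicitly, so the login check only runs when a child controller defines no constructor of its own or calls parent::__construct() first. The script below is an added example, not code from the original post or from Ion Auth: it models the hierarchy with stub classes and shows that, for a visitor who is not logged in, the controller that forgets the parent call serves its content instead of redirecting. Fake_Ion_Auth, Redirect_Exception (a stand-in for redirect()), $session_logged_in, dispatch() and the Dashboard, Reports and Settings controllers are assumptions made for the illustration.

```php
<?php
// Stand-alone model of the controller hierarchy. Every class here is a constructed
// stub, not CodeIgniter or Ion Auth code; Redirect_Exception stands in for redirect().
class Redirect_Exception extends Exception {}

class Fake_Ion_Auth {                          // hypothetical stub exposing only logged_in()
    public function logged_in() { return CI_Controller::$session_logged_in; }
}

class CI_Controller {                          // stub base class
    public static $session_logged_in = FALSE;  // assumption: models "no login in the session"
    public $ion_auth;
    public function __construct() { $this->ion_auth = new Fake_Ion_Auth(); }
}

class MY_Controller extends CI_Controller {}

class Secure_Controller extends MY_Controller {
    public function __construct() {
        parent::__construct();
        if ( ! $this->ion_auth->logged_in()) {
            throw new Redirect_Exception('auth/login');
        }
    }
}

// Protected: no constructor of its own, so Secure_Controller's constructor runs.
class Dashboard extends Secure_Controller {
    public function index() { return 'dashboard content'; }
}

// Protected: its own constructor chains to the parent before doing anything else.
class Reports extends Secure_Controller {
    public function __construct() { parent::__construct(); }
    public function index() { return 'reports content'; }
}

// NOT protected: the constructor never calls parent::__construct(), so the check is skipped.
class Settings extends Secure_Controller {
    public function __construct() {}
    public function index() { return 'settings content'; }
}

// Build the controller and call index(), the way a front controller would.
function dispatch($class) {
    try { $c = new $class(); return $c->index(); }
    catch (Redirect_Exception $e) { return 'redirect to ' . $e->getMessage(); }
}

foreach (array('Dashboard', 'Reports', 'Settings') as $class) {
    echo $class, ': ', dispatch($class), PHP_EOL;
}
```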
That’s it. Pretty simple, right? If you have questions, leave a comment and I’ll help you out. Special thanks to Ben Edmunds and Phil Sturgeon for creating some cool, reusable CodeIgniter code.
Stay tuned for my next post on how to integrate Ion Auth with WanWizard’s DataMapper ORM.